Thursday, January 23, 2025
HomeSecurity NewsSmartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock...

Smartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock Smartphone

Published on

SIEM as a Service

Follow Us on Google News

IoT extends the connectivity of physical devices beyond the standard devices, it affects the daily lives of the users and their information security.

Wearables increase the efficiency of data gathering, researchers from the University of Michigan and the University of South Carolina found it is possible to add thousands of steps to a Fitbit using sound waves at different frequencies.

Experts believe that IoT could contain more than 30 billion objects by 2020 and its market value could reach $7.1 trillion by 2020.

Security researchers from Kaspersky published a research report on examining how wearable signals within wearable devices could allow attackers to intrude victims’ privacy and to gain access to the corporate network of the company they associated.

Most of the smartwatches are cyberphysical systems that controlled by computer algorithms and they are equipped with sensors like magnetometers, accelerometers, and gyroscopes that logs user data.

Kingwear KW88 and PYiALCY X200 smartwatches are selected for this study due it’s simplicity of writing apps for them and they developed a simple app for the study.

Tracking the Victim

With smartwatch inbuilt accelerometers and gyroscopes signals readings, it can be assumed the user activity at the moment.

When the user is walking, the hand wearing the smartwatch oscillates like a pendulum. Pendulum swings are a periodic process, so it can be assumed that the user was walking at that moment.

Pic Courtesy: SecureList

In another segment there no change with the periodic oscillations but the change in the accelerometer signal envelope axis. Possibly it could be a public transport with stops.

Another time slice is with short periods of activities and unexpected hand movements, researchers assumed the person could probably indoors.

Pic Courtesy: SecureList

PIN codes

According to researchers, it is possible to capture a PIN code based on the accelerometer and gyroscope signals from a smartwatch.

By deciphering the three axes of the accelerometer and gyroscope signals, a random person pin code can be detected with a minimum accuracy of 80%.

Computer and smartphones unlocking

For unblocking the device the hand movements and corresponding acceleration are minimal. Based on the cross-correlation of data for the corresponding axes of the accelerometer and gyroscope.

Smallest cross-correlation function values obtained for unlocking smartphones (up to 64%), and for computer password it is the largest (up to 96%).

Researchers concluded that “without a doubt, portable cyber-physical systems expand the attack surface for potential intruders. The recorded signals can be transmitted by the phone to the attacker’s server whenever the latter has access to the Internet.”

“So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact”.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...